In maccms v10, an attacker can log in through /index.php/user/login in the "col" and "openid" parameters to gain privileges.
maccms maccms 10.0